Internet Routing Anomaly Monitoring System Dongkee LEE ETRI meeting (Sep 14, 2004) -- Dongkee LEE (dklee@an.kaist.ac.kr)
Overview.
• Internet Routing Anomaly Monitoring. (’04 8, 18 ~ )
• Related works
• System – the present position (’04 9, 14 - 16 )
• Future works

IRAM – basic idea.
• Internet Routing Anomaly Monitoring.

IRAM – goals.
• Construct a route monitoring infrastructure.
• Obtain real-time information about the global routing system.
• Then, what can we do with this?
  • Survey on routing anomaly detection.
  • Other uses.
    • AS path visualization.
    • Map IP addresses to AS for topological studies.

Related works
• University of Oregon – Route Views Project.
  • http://routeviews.org/
  • Routing information repository for …
  • Analysis of BGP routing table dynamics.
  • Work on routing table growth.
  • Analysis of geographic scope of routing announcements.

Related works
• RIPE NCC – Routing Information Service.
  • http://www.ripe.net/ris/
  • Much more than a looking glass.
  • Provides historical information about Internet routing.
  • Collects information by using Remote Route Collectors at different locations around the world.
  • Integrates this information into a comprehensive view.

Related works
• PacketDesign – Route Explorer
  • http://www.packetdesign.com/
  • Extensive real-time and historical router event monitoring and analysis for troubleshooting networks using BGP connections.
  • Real-Time IP Network Visualization and Monitoring.
  • Detect, Analyze and Diagnose Layer 3 Problems.
  • User-Defined Alerts and Reports.
  • Scenario Planning and Impact Analysis.

Related works
• PacketDesign – Route Explorer

Related works
• PacketDesign -
  • http://www.packetdesign.com/flash/index.html

Related works
• Jun Li, Routing forensics
  • Online BGP data analysis system that takes Route Views data as its continuous input.
  • State machine: detects suspicious routing information exchanged among BGP routers.

IRAM – Ongoing works (1)
• Design formal IRAM architecture.

IRAM – Ongoing works (2)
• EBGP peering with kaist-border router.

IRAM – Ongoing works (3)
• [~2004 09 15] Deploy bgpmon.kisti
• More intelligent agent script for bgpmon.
  dump -> /yyyymm/UPDATES/, RIBS/ -> bzip archiving -> backup ?
• Project web page.
  • http://an.kaist.ac.kr/~dklee/research/iram/

IRAM – Future works.
• Negotiate with other-net admins for EBGP peering.
  • What kind of views on the data do we need to provide?
  • It’s not a technical problem but a political problem!
• Research on existing routing anomaly detection techniques.
  • Offline misconfigurations.
  • MOAS.
  • Cold potato.

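MOAS (multiple origin AS) detection, listed above among the techniques to research, sketched as an added example that is not part of the original slides or of the IRAM system: it replays BGP updates from several peers and reports each moment a prefix becomes visible with more than one origin AS. The pipe-separated line format, the function names and the sample updates (documentation prefixes, reserved AS numbers) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample updates (not real routing data). Assumed line format:
# timestamp|A or W|peer_as|prefix|as_path   (as_path is empty for withdrawals)
SAMPLE_UPDATES = """\
1095120000|A|64500|192.0.2.0/24|64500 64510 64520
1095120005|A|64501|192.0.2.0/24|64501 64511 64520
1095120010|A|64500|198.51.100.0/24|64500 64530
1095120020|A|64501|198.51.100.0/24|64501 64666
1095120030|A|64500|203.0.113.0/24|64500 64540 {64541,64542}
1095120040|W|64501|198.51.100.0/24|
1095120050|A|64501|198.51.100.0/24|64501 64512 64530
""".splitlines()


def origin_as(as_path):
    """Return the origin AS (last hop), or None when the path ends in an AS_SET."""
    hops = as_path.split()
    if not hops or hops[-1].startswith("{"):
        return None  # aggregated route: no single origin to compare
    return int(hops[-1])


def find_moas(lines):
    """Replay updates; return (timestamp, prefix, origins) each time the set of
    origins visible for a prefix changes to contain more than one AS."""
    routes = defaultdict(dict)   # prefix -> {peer_as: origin_as}
    events = []
    for line in lines:
        ts, kind, peer, prefix, path = line.strip().split("|")
        before = set(routes[prefix].values())
        if kind == "W":
            routes[prefix].pop(peer, None)   # peer no longer carries the prefix
            continue
        origin = origin_as(path)
        if origin is None:
            continue
        routes[prefix][peer] = origin
        after = set(routes[prefix].values())
        if len(after) > 1 and after != before:
            events.append((int(ts), prefix, sorted(after)))
    return events


if __name__ == "__main__":
    for ts, prefix, origins in find_moas(SAMPLE_UPDATES):
        print(f"{ts} MOAS {prefix} origins={origins}")
```

A MOAS event is only a signal to investigate: multihoming and anycast also produce several legitimate origins for one prefix.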
The END